Risk analysis or risk assessment
Implementing the Management Consulting in the field of Data Protection, Risk analysis or Risk Assessment have a major role. Risk analysis is an indispensable step in any security planning, starting from the identification of the assets to be protected, and then calculating the possible threats in terms of probability of occurrence and related potential damage (severity).
Based on the risk analysis, the customer decides whether, how and which safety countermeasures to adopt (plan for adopting appropriate measures).
The risk analysis typically precedes the step of adopting suitable technological and organizational measures.
Often the target of the attacker is not represented by the computer systems per se, but rather by the data contained in them: computer security must therefore take care to prevent access not only to unauthorized users, but also to subjects with limited authorization to specific operations, to prevent data belonging to the IT system from being copied, modified or deleted.
There can be many violations: there may be unauthorized attempts to access restricted areas, theft of digital identity or confidential files, use of resources that the user should not be able to use etc. Cyber security also takes care of preventing any Denial of service (DoS) situations. DoS are attacks launched on the system with the aim of making certain resources unusable in order to damage system users.